Terraform
Kyverno JSON policies for Terraform plans, configurations, and state files. Enforce infrastructure-as-code security and compliance before resources are provisioned.
These policies scan Terraform IaC artifacts with the `nctl scan terraform` command.
What’s Covered
- S3 bucket encryption and access control
- IAM role and policy validation
- Security group rules
- Resource tagging enforcement
- Cost control guardrails
All Terraform policies are available in the Nirmata policy library on GitHub.